What is the biggest difference between the DVA-C02 and SAA-C03 exams?
DVA-C02 focuses on developer tools, code integration patterns, CI/CD pipelines, and application-level services like Lambda, DynamoDB, API Gateway, and Cognito. SAA-C03 focuses on architecture design, networking, and broad service selection. Visibility timeout is an SQS concept, not DynamoDB. In SQS, it controls how long a received message is hidden from other consumers.
The AWS Certified Developer - Associate (DVA-C02) is frequently underestimated. Candidates expect a coding exam and are surprised by how much of it covers deployment, monitoring, security, and AWS-specific developer services. This exam tests practical development knowledge — not just knowing what services exist, but understanding how to use them correctly in application code and CI/CD pipelines.
This guide focuses on what the exam actually tests, where candidates typically struggle, and how to allocate your study time.
Exam Overview
The DVA-C02 exam contains 65 questions (50 scored, 15 unscored) with a 130-minute time limit. The passing score is 720 out of 1000. It includes multiple choice and multiple response questions.
Domain Weights
| Domain | Weight |
|---|---|
| Domain 1: Development with AWS Services | 32% |
| Domain 2: Security | 26% |
| Domain 3: Deployment | 24% |
| Domain 4: Troubleshooting and Optimization | 18% |
Domain 1: Development with AWS Services (32%)
This domain tests whether you can build applications that use AWS services correctly from code. It covers Lambda, API Gateway, DynamoDB, SQS, SNS, and other developer-facing services.
AWS Lambda
Lambda is the most heavily tested service on this exam. You need to know it in depth.
Execution model:
Lambda functions execute up to 15 minutes
Memory: 128 MB to 10,240 MB; CPU scales proportionally with memory
Concurrency: 1,000 concurrent executions per region by default (soft limit)
Cold start: occurs when a new execution environment is initialized; reduced with Provisioned Concurrency
Event sources (triggers):
| Trigger | Invocation Model |
|---|---|
| API Gateway | Synchronous |
| ALB | Synchronous |
| S3 events | Asynchronous |
| SNS | Asynchronous |
| SQS | Polling (batch) |
| DynamoDB Streams | Polling (batch) |
| EventBridge | Asynchronous |
Understanding synchronous vs. asynchronous invocation matters for error handling. Synchronous invocations return errors to the caller. Asynchronous invocations send failures to a Dead Letter Queue (DLQ) or EventBridge.
Lambda versions and aliases:
Versions are immutable snapshots of function code and configuration
Aliases are mutable pointers to specific versions
Traffic shifting: configure an alias to route a percentage of traffic to two versions (useful for canary deployments)
DynamoDB
DynamoDB is the second most tested service on DVA-C02.
Data model:
Table: top-level container
Item: equivalent to a row; up to 400 KB
Attributes: key-value pairs within an item
Partition key (required): determines the partition where the item is stored
Sort key (optional): enables range queries within a partition
Read/write capacity modes:
Provisioned mode: specify read capacity units (RCUs) and write capacity units (WCUs); supports Auto Scaling
On-demand mode: pay per request; use when traffic is unpredictable
Read types:
Eventually consistent read: default; may return stale data for up to ~1 second
Strongly consistent read: always returns the most recent data; costs 2x RCUs
Common operations:
GetItem — retrieve a single item by primary key
PutItem — create or replace an item
UpdateItem — modify specific attributes; supports conditional updates
Query — retrieve items sharing a partition key, optionally filtered by sort key range
Scan — reads every item in a table; expensive, avoid at scale
Global Secondary Indexes (GSIs): Allow queries on non-primary key attributes. Have their own provisioned capacity and can be added after table creation.
DynamoDB Streams: Captures item-level changes in near real time. Consumed by Lambda for event-driven processing.
API Gateway
REST API and HTTP API are the two main types
HTTP API: lower cost, lower latency, fewer features
REST API: more features including usage plans, API keys, request/response transformation
Integration types: Lambda, HTTP backend, AWS service, mock
Stages allow deployment of different versions (dev, staging, prod)
Caching can be enabled per stage to reduce backend calls
SQS Message Patterns
Key concepts the exam tests:
Visibility timeout: How long a message is hidden after being received. If processing fails and the timeout expires, the message becomes visible again for reprocessing
Message retention: 1 minute to 14 days (default 4 days)
Long polling: Wait up to 20 seconds for a message, reducing empty responses and API costs
Dead-letter queue (DLQ): Receives messages that exceed the maximum receive count
Domain 2: Security (26%)
Security questions for developers focus on credential management, encryption, and authorizing access to AWS services from code.
IAM Roles for Applications
Applications running on AWS services should use IAM roles, not access keys. The correct patterns:
EC2: Attach an instance profile (role) to the instance; credentials are automatically available via the metadata service
Lambda: Assign an execution role; Lambda assumes it when the function runs
ECS/EKS: Assign task roles to containers
The SDK automatically retrieves credentials from the instance metadata service. Never hardcode credentials in application code.
AWS STS and Temporary Credentials
AWS Security Token Service (STS) issues temporary credentials:
AssumeRole: Used for cross-account access or assuming a different role within the same accountAssumeRoleWithWebIdentity: Used for federating with web identity providers (Google, Facebook, Amazon Cognito)GetSessionToken: Used for MFA-based temporary credentials
Amazon Cognito
Cognito is heavily tested for user authentication and authorization.
User Pools: User directory; handles sign-up, sign-in, MFA, and returns JWT tokens
Identity Pools (Federated Identities): Exchanges third-party tokens (from User Pools, Google, SAML) for AWS temporary credentials via STS
A common exam pattern: "Mobile app users need to access S3 and DynamoDB directly without going through a backend." The answer uses Cognito Identity Pools to issue temporary AWS credentials.
KMS and Envelope Encryption
The exam tests how envelope encryption works:
A data key is generated by KMS using a Customer Master Key (CMK)
The data key encrypts the application data locally (never sent to KMS)
The encrypted data key is stored alongside the encrypted data
To decrypt: call KMS to decrypt the data key, then use it to decrypt the data
This pattern allows encrypting large amounts of data without transmitting all data to KMS.
Domain 3: Deployment (24%)
Deployment questions cover CI/CD pipelines, Elastic Beanstalk, CodeDeploy, and container deployment patterns.
AWS CI/CD Services
| Service | Purpose |
|---|---|
| AWS CodeCommit | Managed Git repository |
| AWS CodeBuild | Managed build service; runs buildspec.yml |
| AWS CodeDeploy | Automates application deployments to EC2, Lambda, ECS |
| AWS CodePipeline | Orchestrates CI/CD stages (Source, Build, Test, Deploy) |
buildspec.yml structure:
version: 0.2
phases:
install:
commands:
- npm install
build:
commands:
- npm run build
post_build:
commands:
- echo Build completed
artifacts:
files:
- '**/*'
CodeDeploy Deployment Types
In-place: Updates the existing instances; causes downtime during deployment
Blue/green: New instances are provisioned and traffic is shifted after validation; safer for production
For Lambda and ECS, CodeDeploy supports traffic shifting strategies:
Canary: Shift a small percentage first (e.g., 10%), wait, then shift the rest
Linear: Shift traffic in equal increments over time
All-at-once: Shift all traffic immediately
Elastic Beanstalk
Elastic Beanstalk abstracts infrastructure management. Key deployment policies:
All at once: Fastest, causes downtime
Rolling: Deploys in batches, brief capacity reduction
Rolling with additional batch: Launches extra instances before deploying; no capacity reduction
Immutable: Deploys to new instances; safest, most expensive
Blue/green: Uses DNS swap (Route 53 CNAME swap); not a native Beanstalk policy but achievable via swap environment URLs
Domain 4: Troubleshooting and Optimization (18%)
This domain tests observability and performance tuning for applications on AWS.
CloudWatch
Metrics: Numerical data points over time. EC2 standard metrics update every 5 minutes; detailed monitoring every 1 minute (additional cost)
Logs: Application log data; requires the CloudWatch Logs agent or Lambda to send logs
Log Groups and Log Streams: Log group per application; log stream per instance or function invocation
Metric Filters: Extract metric data from log entries (e.g., count occurrences of "ERROR")
CloudWatch Alarms: Trigger SNS notifications or Auto Scaling actions based on metric thresholds
AWS X-Ray
X-Ray provides distributed tracing for applications:
Traces requests as they travel through services
Segments represent work done by a service; subsegments represent downstream calls
The X-Ray SDK must be added to application code to instrument it
Sampling rules control what percentage of requests are traced
X-Ray is the answer when the exam asks about tracing latency, identifying bottlenecks, or debugging microservice performance.
Lambda Performance Optimization
Increase memory to increase CPU allocation and reduce execution time
Use Provisioned Concurrency to eliminate cold starts for latency-sensitive functions
Store SDK clients and database connections outside the handler function (in the initialization code) so they are reused across invocations
Use Lambda Layers to share common libraries across functions without packaging them into every deployment artifact
"The Developer Associate exam tests whether you know how to build real applications on AWS, not just which services exist. Lambda invocation models, DynamoDB access patterns, and CI/CD pipeline structure are the areas that separate candidates who pass from those who need a second attempt." — Stephane Maarek, AWS Community Hero and author of top-rated DVA-C02 Udemy course with over 700,000 students
What to Skip
The DVA-C02 does not test:
Specific programming language syntax or SDK method signatures in detail
Low-level EC2 networking configuration
CloudFormation template structure beyond basic resource declarations
Deep Route 53 routing policy configuration
Study Timeline
Recommended: 5-7 weeks for developers with some AWS experience.
| Week | Focus |
|---|---|
| 1 | Lambda, API Gateway, DynamoDB data model |
| 2 | IAM roles, Cognito, KMS, STS |
| 3 | SQS, SNS, EventBridge, Kinesis basics |
| 4 | CI/CD: CodePipeline, CodeBuild, CodeDeploy, Elastic Beanstalk |
| 5 | CloudWatch, X-Ray, troubleshooting patterns |
| 6-7 | Practice exams, review missed topics |
Hands-on experience with Lambda, DynamoDB, and the CI/CD services significantly reduces study time. Build a small end-to-end application using these services.
See also: AWS Solutions Architect Associate (SAA-C03) Study Guide: Domains, Services, and Scenarios
DVA-C02 exam economics and career positioning
The Developer Associate is priced at $150 with a 130-minute duration, 65 questions, and a 720/1000 scaled pass threshold. First-time pass rates run in the 60-70% range for well-prepared candidates.
| Role | Seniority | US salary range (2024-2025) [1] | DVA-C02 impact |
|---|---|---|---|
| Junior Cloud Developer | Entry | $80,000-$110,000 | $5,000-$10,000 uplift |
| Backend Developer (AWS focus) | Mid | $115,000-$155,000 | $7,000-$15,000 uplift |
| Senior Backend Developer (AWS) | Senior | $145,000-$200,000 | $8,000-$15,000 uplift |
| Full-Stack Engineer (AWS-aligned) | Mid | $110,000-$155,000 | $6,000-$12,000 uplift |
| Principal Cloud Engineer | Staff | $200,000-$280,000 | Foundational; cert holder status assumed |
Adjacent AWS certifications
| Certification | Current exam code | Fee | Overlap with DVA-C02 |
|---|---|---|---|
| AWS Cloud Practitioner | CLF-C02 | $100 | Prerequisite-level overlap |
| AWS SAA-C03 | SAA-C03 | $150 | Strong conceptual overlap |
| AWS SAP-C02 | SAP-C02 | $300 | Architecture-level extension |
| AWS DOP-C02 | DOP-C02 | $300 | CI/CD and deployment deep-dive |
| AWS Security Specialty | SCS-C02 | $300 | Cognito, KMS, IAM overlap |
Candidates pursuing a "developer-track" certification portfolio often combine DVA-C02 with DOP-C02 (DevOps Professional) within 12-18 months to strengthen CI/CD depth.
"The Developer Associate tests the specific skills required to build real serverless applications on AWS. Lambda, API Gateway, DynamoDB, and the full CI/CD toolchain are the exam's core focus. Candidates who have built an end-to-end serverless application in a personal project are substantially better positioned than candidates who have only studied theoretically." - Stephane Maarek, AWS Community Hero and Udemy instructor to over 700,000 students [2].
Lambda vs Fargate vs EC2 decision matrix
The exam presents scenarios where candidates must select between these three compute options. The decision criteria:
| Requirement | Best-fit | Why |
|---|---|---|
| Sub-100ms cold start required | EC2 or Fargate with Provisioned Concurrency | Lambda cold starts can exceed 1s for heavy runtimes |
| Event-driven, sporadic workload | Lambda | Pay-per-invocation; zero idle cost |
| Long-running (> 15 min) job | Fargate or EC2 | Lambda has 15-minute maximum |
| Container-based deployment | Fargate or EKS | Native container support |
| Custom OS or kernel modules | EC2 | Only option with full OS control |
| Predictable steady-state traffic | EC2 Reserved or Fargate | Lambda becomes expensive at sustained load |
| GPU workload | EC2 (g4dn, p3) | Lambda and Fargate lack GPU support |
| WebSocket connections | API Gateway + Lambda (WebSocket API) | Native integration |
| Background job with DynamoDB streams | Lambda | Native stream integration |
| Scheduled hourly batch | Lambda + EventBridge | Simple cron + function model |
The DVA-C02 tests this decision-making under realistic budget and latency constraints. Memorizing service features is not sufficient; candidates must reason through the trade-offs explicitly.
Deep-dive topics under-covered by typical study resources
Lambda execution context reuse - understanding which code runs once per container vs per invocation affects performance optimization answers.
DynamoDB partition key design - how hot partitions form and how to avoid them; adaptive capacity.
API Gateway authorization flows - Lambda authorizers vs Cognito authorizers vs IAM; when each is appropriate.
Step Functions state machine types - Standard vs Express; when to use each; integration with Lambda.
EventBridge vs SNS vs SQS - understanding when each messaging/eventing pattern is correct.
CodePipeline artifact management - how source artifacts flow between stages; S3 artifact storage.
Elastic Beanstalk deployment policies under load - all-at-once vs rolling vs immutable; capacity implications.
CloudWatch Logs Insights queries - the query language for ad-hoc log analysis.
References
[1] Robert Half. (2024). 2024 Technology Salary Guide. https://www.roberthalf.com/us/en/insights/salary-guide/technology
[2] Maarek, Stephane. (2024). Ultimate AWS Certified Developer Associate DVA-C02 Course Notes. Udemy published course supplementary material.
Payscale. (2024). AWS Certified Developer Associate Salary Data. https://www.payscale.com/research/US/Certification=AWS_Certified_Developer_Associate
Glassdoor. (2024). AWS Developer Salary Survey Data. https://www.glassdoor.com/Salaries/aws-developer-salary-SRCH_KO0,13.htm
Tutorials Dojo. (2024). AWS Certified Developer Associate Practice Exams Structure. https://tutorialsdojo.com/aws-certified-developer-associate/
AWS. "AWS Certified Developer - Associate Exam Guide (DVA-C02)." https://d1.awsstatic.com/training-and-certification/docs-dev-associate/AWS-Certified-Developer-Associate_Exam-Guide.pdf
AWS. "AWS Lambda Developer Guide." https://docs.aws.amazon.com/lambda/latest/dg/welcome.html
AWS. "Amazon DynamoDB Developer Guide." https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html
AWS. "AWS Security Token Service Documentation." https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html
AWS. "Amazon Cognito Developer Guide." https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html
Faye Ellis. "Ultimate AWS Certified Developer Associate DVA-C02." Udemy, 2023.
AWS. "AWS X-Ray Developer Guide." https://docs.aws.amazon.com/xray/latest/devguide/aws-xray.html
AWS. "AWS CodeDeploy User Guide." https://docs.aws.amazon.com/codedeploy/latest/userguide/welcome.html
Frequently Asked Questions
What is the biggest difference between the DVA-C02 and SAA-C03 exams?
DVA-C02 focuses on developer tools, code integration patterns, CI/CD pipelines, and application-level services like Lambda, DynamoDB, API Gateway, and Cognito. SAA-C03 focuses on architecture design, networking, and broad service selection.
What is the DynamoDB visibility timeout and why does it matter?
Visibility timeout is an SQS concept, not DynamoDB. In SQS, it controls how long a received message is hidden from other consumers. If processing fails before the timeout expires, the message reappears in the queue for retry.
How does envelope encryption work in AWS?
KMS generates a data key using a CMK. The data key encrypts the actual data locally. The encrypted data key is stored with the ciphertext. To decrypt, KMS decrypts the data key, which then decrypts the data. KMS never sees the plaintext data.
What is the difference between Cognito User Pools and Identity Pools?
User Pools handle user authentication and return JWT tokens. Identity Pools exchange those tokens (or tokens from other identity providers) for temporary AWS credentials via STS, allowing direct access to AWS services.
What CodeDeploy deployment type supports traffic shifting for Lambda?
CodeDeploy supports Canary (shift a small percentage first, then the rest after a waiting period), Linear (shift in equal increments), and All-at-once for Lambda deployments. Blue/green is supported for EC2 and ECS.